Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,245
CVE-linked
1,864
Programs
343
New This Week
23
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 658 Improper Authentication - Generic 653 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Stored-XSS-ads.tiktok.com
TikTok Cross-site Scripting (XSS) - Stored (CWE-79)
Low
2024-10-02
Remove obsolete domain from handbook subdomain
GitLab Misconfiguration (CWE-16)
Low
2024-10-01
IBM OpenPages vulnerable to exposure of sensitive information
IBM Improper Authentication - Generic (CWE-287)CVE-2024-35151
Medium
2024-10-01
XSS when using `translate` in Action Controller (Rails 7.0, 7.1)
Ruby on Rails Cross-site Scripting (XSS) - Generic (CWE-79)CVE-2020-15169
Low
2024-10-01
Posts sent via websockets aren't sanitized properly
Mattermost Improper Input Validation (CWE-20)CVE-2024-47003
Low
2024-10-01
IDOR Exposes All Machine Learning Models
GitLab Insecure Direct Object Reference (IDOR) (CWE-639)
Medium
2024-10-01
The initial E2EE password generated by Rocket.Chat mobile can be recovered in a practical timescale.
Rocket.Chat Use of Insufficiently Random Values (CWE-330)CVE-2024-42027
High
2024-10-01
[Switch, PIA/MK8DX] Stack buffer overflow and potential RCE in PIA (LAN/LDN, possibly NEX) room info deserialization
Nintendo Stack Overflow (CWE-121)
Medium
2024-09-30
Client-Side Path Traversal on LINE Developers Console
LY Corporation Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2024-09-26
SSRF Keycloak before 13.0.0 - CVE-2020-10770 on https://sponsoredata.mtn.ci
MTN Group Server-Side Request Forgery (SSRF) (CWE-918)CVE-2020-10770
Medium
2024-09-26
Able to see location coordinates in any event without permission to do so
FetLife Information Disclosure (CWE-200)
Low
2024-09-25
Possible DoS Vulnerability with Range Header in Rack
Internet Bug Bounty CVE-2024-26141
High
2024-09-25
Possible XSS Vulnerability in Action Controller
Internet Bug Bounty Cross-site Scripting (XSS) - Generic (CWE-79)CVE-2024-26143
Low
2024-09-25
CVE-2024-41989: Denial-Of-Service vulnerability in the floatformat template filter when input string contains a big exponent in scientific notation
Internet Bug Bounty Uncontrolled Resource Consumption (CWE-400)CVE-2024-41989
Medium
2024-09-22
curl: stack-buffer overread during punycode conversions
Internet Bug Bounty Buffer Over-read (CWE-126)CVE-2024-6874
Low
2024-09-22
Unbounded memory growth with session handling in TLSv1.3
Internet Bug Bounty Allocation of Resources Without Limits or Throttling (CWE-770)CVE-2024-2511
Low
2024-09-22
DOM XSS in tiktok.com/login via the redirect_url parameter
TikTok Cross-site Scripting (XSS) - DOM (CWE-79)
High
2024-09-21
Stored Xss On "https://www.question.com/"
Drugs.com Cross-site Scripting (XSS) - Stored (CWE-79)
High
2024-09-20
SSRF and secret key disclosure found on Turbonomic endpoint
IBM Server-Side Request Forgery (SSRF) (CWE-918)
High
2024-09-19
SSRF and secret key disclosure found on Turbonomic endpoint
IBM Server-Side Request Forgery (SSRF) (CWE-918)
High
2024-09-19
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609
Nextcloud584
Shopify464
curl457
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239